From 63b9a8aea84fe6196f6812bcb17c417b45730fb3 Mon Sep 17 00:00:00 2001
From: Frank Tang
Date: Wed, 10 Mar 2021 18:53:32 +0000
Subject: [PATCH] ICU-21041 Fix fuzzer memory read error.

See #1622
---
 .cpyskip.txt                                 | 1 +
 icu4c/source/i18n/collationdatabuilder.cpp   | 6 ++++++
 .../fuzzer/collator_rulebased_ICU-21041.fuzz | Bin 0 -> 1055 bytes
 3 files changed, 7 insertions(+)
 create mode 100644 icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz

diff --git a/.cpyskip.txt b/.cpyskip.txt
index a67e6dae15ff..9169f89e891e 100644
--- a/.cpyskip.txt
+++ b/.cpyskip.txt
@@ -27,6 +27,7 @@ KEYS
 *.dat
 *.DS_Store
 *.doc
+*.fuzz
 *.gif
 *.gz
 *.ico
diff --git a/icu4c/source/i18n/collationdatabuilder.cpp b/icu4c/source/i18n/collationdatabuilder.cpp
index 53361b86c7c7..7e80cef0cf2a 100644
--- a/icu4c/source/i18n/collationdatabuilder.cpp
+++ b/icu4c/source/i18n/collationdatabuilder.cpp
@@ -255,12 +255,18 @@ DataBuilderCollationIterator::getDataCE32(UChar32 c) const {
 uint32_t
 DataBuilderCollationIterator::getCE32FromBuilderData(uint32_t ce32, UErrorCode &errorCode) {
+    if (U_FAILURE(errorCode)) { return 0; }
     U_ASSERT(Collation::hasCE32Tag(ce32, Collation::BUILDER_DATA_TAG));
     if((ce32 & CollationDataBuilder::IS_BUILDER_JAMO_CE32) != 0) {
         UChar32 jamo = Collation::indexFromCE32(ce32);
         return utrie2_get32(builder.trie, jamo);
     } else {
         ConditionalCE32 *cond = builder.getConditionalCE32ForCE32(ce32);
+        if (cond == nullptr) {
+            errorCode = U_INTERNAL_PROGRAM_ERROR;
+            // TODO: ICU-21531 figure out why this happens.
+            return 0;
+        }
         if(cond->builtCE32 == Collation::NO_CE32) {
             // Build the context-sensitive mappings into their runtime form and cache the result.
             cond->builtCE32 = builder.buildContext(cond, errorCode);
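Review bot: The new `cond == nullptr` guard returns 0 after setting U_INTERNAL_PROGRAM_ERROR, but 0 is indistinguishable from an ordinary CE32 to any caller that does not consult errorCode, so the contract should be spelled out next to the TODO, e.g. `// Defensive: a missing ConditionalCE32 means the builder state is inconsistent (ICU-21531); the 0 returned here is meaningful only if the caller checks errorCode.` The same caveat applies to the new U_FAILURE early return at the top of the function, which also yields 0. On style, the added lines use `if (` whereas the surrounding code in this file writes `if(`; matching the file's spacing keeps the hunk consistent. The body of getCE32FromBuilderData continues past the end of the hunk, so whether every caller checks errorCode after this call cannot be confirmed from here.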
diff --git a/icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz b/icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz new file mode 100644 index 0000000000000000000000000000000000000000..41efe8040b3a5453532a90c37489a7682eb0b8ac GIT binary patch literal 1055 zcmbtT&r1SP5dPGNAfy$HLfdt_7?tKB@~}=|c-&Kp1Qm4=It1OL1wHiN1koSRz4q3j zdmST6=wLsI*UVeXeqds~g?Y2@z4>P5o0&9#&8-Y9-hq8BMSMGp{&fkKMr8oA1Cj

Gb2NnsTS#IS%st=NukO`n+i`XCLgRa#>A+1yln#WYr2i!0GEpl^{426sZQA*VT J9=>2mfHxK4zAOL$ literal 0 HcmV?d00001